Burp Suite is an extremely flexible and powerful tool for performing web application security testing. A free edition is available for download, and a commercial edition is also offered. Burp Suite can be downloaded from https://portswigger.net/burp/communitydownload.
The following image shows the initial Burp Suite console:
Burp Suite's main components are as follows:
- Proxy: It acts as an intercepting proxy and allows editing of all application requests before they reach the server.
- Spider: It automatically crawls the application in scope and builds an application hierarchy for further testing.
- Scanner: It runs pre-defined security tests against the target application and generates a vulnerability report. This feature is available only in the commercial version.
- Intruder: This feature can be used effectively for fuzzing the various input fields of the application.
- Repeater: This can be used for sending a particular request multiple times and analysing each response.
- Decoder: This can be used for decoding content in various formats, such as Base64.
- Extender: This can be used for loading additional extensions into Burp Suite.
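As an added example (not code from the original text or from PortSwigger), the following extension shows how the Extender component ties into the Proxy: written against Burp's legacy Java extender API (the `burp` package) and loaded through the Extender tab, it watches responses passing through the Proxy and highlights any that lack a set of common security headers. The extension name and the header list are this example's own choices.

```java
package burp;

import java.util.Arrays;
import java.util.List;

// Added example (legacy Burp extender API): highlight Proxy responses that lack
// the security headers listed below. Header list and names are this example's own.
public class BurpExtender implements IBurpExtender, IHttpListener {
    private static final List<String> EXPECTED_HEADERS = Arrays.asList(
            "content-security-policy", "strict-transport-security", "x-content-type-options");
    private IBurpExtenderCallbacks callbacks;
    private IExtensionHelpers helpers;

    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        this.helpers = callbacks.getHelpers();
        callbacks.setExtensionName("Missing security header flagger");
        callbacks.registerHttpListener(this); // receive every message Burp handles
    }

    @Override
    public void processHttpMessage(int toolFlag, boolean messageIsRequest,
                                   IHttpRequestResponse messageInfo) {
        // Only inspect responses that came through the Proxy tool.
        if (messageIsRequest || toolFlag != IBurpExtenderCallbacks.TOOL_PROXY) return;
        byte[] response = messageInfo.getResponse();
        if (response == null) return;
        IResponseInfo info = helpers.analyzeResponse(response); // parses status line + headers
        StringBuilder missing = new StringBuilder();
        for (String expected : EXPECTED_HEADERS) {
            if (!hasHeader(info.getHeaders(), expected)) missing.append(expected).append(' ');
        }
        if (missing.length() > 0) {
            // Mark the Proxy history entry so it stands out during review.
            messageInfo.setHighlight("orange");
            messageInfo.setComment("Missing headers: " + missing.toString().trim());
            callbacks.printOutput(helpers.analyzeRequest(messageInfo).getUrl()
                    + " missing: " + missing.toString().trim());
        }
    }

    // Case-insensitive match on "Name:"; getHeaders() also contains the status line.
    private static boolean hasHeader(List<String> headers, String name) {
        for (String h : headers) {
            if (h.toLowerCase().startsWith(name + ":")) return true;
        }
        return false;
    }
}
```

Flagged entries appear with an orange highlight and a comment in the Proxy history, and a line per affected URL is written to the extension's Output tab.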